Verizon 2025 Report: Disturbing Surge in Cyberattacks Through Third-Party Sources



The security landscape has taken a concerning turn, as highlighted in Verizon’s recently published *2025 Data Breach Investigations Report (DBIR)*. The report reveals that incidents involving third-party compromises have surged dramatically and now account for 30% of total data breaches, up from 15% last year. This trend signals a shift in how cybercriminals exploit vulnerabilities within supply chains, reaching multiple organizations through a single entry point.

The report detailed an expansive examination of over 22,000 security incidents, including more than 12,000 confirmed breaches. It found that attacks exploiting vulnerabilities as an initial attack vector have skyrocketed by 34%, representing 20% of all breaches analyzed. This behavior underscores a tactical evolution among cyber adversaries, who are increasingly targeting weaknesses before organizations can implement preventive measures.

Among the strategies employed, Verizon analysts identified credential abuse, used in 22% of the incidents, alongside vulnerability exploitation. Together these enable attackers to orchestrate complex multi-stage attack chains that complicate detection and mitigation efforts. Combining the two techniques allows adversaries to create persistent access within compromised networks, often masquerading as legitimate users for prolonged periods.

The data indicates that human factors continue to be a critical element in breach success, with social engineering tactics frequently serving as the first point of compromise. Attackers are leveraging advanced phishing techniques, targeting specific employees who have access to vital systems, thus reflecting their strategic reconnaissance capabilities.

Despite enhanced cybersecurity awareness and investment, small and medium-sized businesses (SMBs) are facing disproportionate impacts, particularly from ransomware, which appeared in 88% of breaches involving these organizations. The median ransom payment has escalated to approximately $115,000, representing a significant threat to smaller businesses that often have inadequate cybersecurity resources.

Vulnerability Exploitation Techniques in Detail

The report outlines how attackers are employing sophisticated reconnaissance and exploitation techniques in their assaults. They initiate these attacks by scanning the networks of business partners for unpatched systems, primarily targeting internet-facing applications. Identifying these vulnerabilities serves as the initial foothold for further penetration.

The attack process typically follows a sequence: initial scanning, vulnerability identification, exploitation, lateral movement, and ultimately data exfiltration. In the most alarming cases, attackers utilize zero-day vulnerabilities with no available remedies, enabling them to maintain an average persistence of 187 days before detection.

Malicious operations often involve carefully crafted HTTP requests designed to exploit buffer overflow vulnerabilities in web applications. These requests typically contain malformed parameters aimed at manipulating memory management functions, allowing code execution on the compromised system. Once executed, this code establishes a connection to command-and-control (C2) infrastructure using encrypted communications to avoid detection.

Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon Business, emphasized that the proliferation of third-party integrations has broadened the attack surface that many businesses inadequately secure or monitor. Each external connection creates a possible entry point that can circumvent conventional perimeter defenses.

The report urges organizations to adopt comprehensive third-party risk management strategies. These should include vendor security assessments, continuous monitoring, and the implementation of zero-trust security architectures to counter these escalating threats. As supply chain attacks rise, the traditional security perimeter has dissipated, necessitating a fundamental reevaluation of cybersecurity strategies.

The Verizon 2025 DBIR serves as a stark reminder for organizations across the spectrum to reassess their third-party security measures. As cyber adversaries innovate their strategies, particularly focusing on supply chain vulnerabilities, businesses must embrace multi-layered defense systems that address both technical vulnerabilities and human factors. Ongoing commitment to regular vulnerability assessments, timely patching, employee training, and enhanced visibility into third-party connections will be crucial in navigating the increasingly hazardous cybersecurity terrain identified in this year’s report.
